@n2world/orchestrator 1.1.0

Files changed (154)
  1. package/dist/agent-os-rd.d.ts +100 -0
  2. package/dist/agent-os-rd.js +258 -0
  3. package/dist/audit-store.d.ts +14 -0
  4. package/dist/audit-store.js +107 -0
  5. package/dist/beta-runner.d.ts +95 -0
  6. package/dist/beta-runner.js +251 -0
  7. package/dist/beta.d.ts +102 -0
  8. package/dist/beta.js +180 -0
  9. package/dist/browser-agent.d.ts +90 -0
  10. package/dist/browser-agent.js +223 -0
  11. package/dist/channel-gateway.d.ts +74 -0
  12. package/dist/channel-gateway.js +270 -0
  13. package/dist/channels.d.ts +120 -0
  14. package/dist/channels.js +432 -0
  15. package/dist/chat-store.d.ts +29 -0
  16. package/dist/chat-store.js +120 -0
  17. package/dist/cli.d.ts +2 -0
  18. package/dist/cli.js +607 -0
  19. package/dist/command-screen.d.ts +12 -0
  20. package/dist/command-screen.js +44 -0
  21. package/dist/commit-gate.d.ts +98 -0
  22. package/dist/commit-gate.js +258 -0
  23. package/dist/companion-api.d.ts +37 -0
  24. package/dist/companion-api.js +101 -0
  25. package/dist/conversation-graph.d.ts +39 -0
  26. package/dist/conversation-graph.js +92 -0
  27. package/dist/cost-estimator.d.ts +27 -0
  28. package/dist/cost-estimator.js +42 -0
  29. package/dist/cron-runner.d.ts +31 -0
  30. package/dist/cron-runner.js +46 -0
  31. package/dist/dashboard/chat.html +326 -0
  32. package/dist/dashboard/dental.html +58 -0
  33. package/dist/dashboard/freebie.png +0 -0
  34. package/dist/dashboard/icon-192.png +0 -0
  35. package/dist/dashboard/index.html +892 -0
  36. package/dist/dashboard/manifest.json +15 -0
  37. package/dist/dashboard/service-worker.js +28 -0
  38. package/dist/dashboard-server.d.ts +37 -0
  39. package/dist/dashboard-server.js +457 -0
  40. package/dist/dental-intake-service.d.ts +37 -0
  41. package/dist/dental-intake-service.js +61 -0
  42. package/dist/dental-metrics.d.ts +25 -0
  43. package/dist/dental-metrics.js +37 -0
  44. package/dist/docking.d.ts +36 -0
  45. package/dist/docking.js +73 -0
  46. package/dist/finance-mcts-candidate.d.ts +37 -0
  47. package/dist/finance-mcts-candidate.js +106 -0
  48. package/dist/finance-regulation-kr.d.ts +33 -0
  49. package/dist/finance-regulation-kr.js +104 -0
  50. package/dist/finance-workflow.d.ts +135 -0
  51. package/dist/finance-workflow.js +242 -0
  52. package/dist/gateway.d.ts +18 -0
  53. package/dist/gateway.js +123 -0
  54. package/dist/governance.d.ts +39 -0
  55. package/dist/governance.js +48 -0
  56. package/dist/governed-executor.d.ts +31 -0
  57. package/dist/governed-executor.js +63 -0
  58. package/dist/governed-llm.d.ts +41 -0
  59. package/dist/governed-llm.js +83 -0
  60. package/dist/gpu-bridge.d.ts +16 -0
  61. package/dist/gpu-bridge.js +53 -0
  62. package/dist/health.d.ts +47 -0
  63. package/dist/health.js +66 -0
  64. package/dist/identity-link.d.ts +32 -0
  65. package/dist/identity-link.js +98 -0
  66. package/dist/index.d.ts +184 -0
  67. package/dist/index.js +417 -0
  68. package/dist/integrations/emr-adapter.d.ts +41 -0
  69. package/dist/integrations/emr-adapter.js +63 -0
  70. package/dist/kakao-oauth.d.ts +16 -0
  71. package/dist/kakao-oauth.js +87 -0
  72. package/dist/knowledge-graph.d.ts +53 -0
  73. package/dist/knowledge-graph.js +156 -0
  74. package/dist/llm.d.ts +65 -0
  75. package/dist/llm.js +357 -0
  76. package/dist/mcp-client-guard.d.ts +32 -0
  77. package/dist/mcp-client-guard.js +179 -0
  78. package/dist/mcp-macaroon.d.ts +75 -0
  79. package/dist/mcp-macaroon.js +161 -0
  80. package/dist/mcts-kernel-bridge.d.ts +36 -0
  81. package/dist/mcts-kernel-bridge.js +99 -0
  82. package/dist/mcts-prior.d.ts +79 -0
  83. package/dist/mcts-prior.js +170 -0
  84. package/dist/model-router.d.ts +51 -0
  85. package/dist/model-router.js +75 -0
  86. package/dist/multi-axis-lift.d.ts +43 -0
  87. package/dist/multi-axis-lift.js +141 -0
  88. package/dist/net-guard.d.ts +39 -0
  89. package/dist/net-guard.js +141 -0
  90. package/dist/onboarding.d.ts +38 -0
  91. package/dist/onboarding.js +94 -0
  92. package/dist/oracle-anchored-search.d.ts +25 -0
  93. package/dist/oracle-anchored-search.js +50 -0
  94. package/dist/oracle.d.ts +22 -0
  95. package/dist/oracle.js +116 -0
  96. package/dist/p6-governance.d.ts +150 -0
  97. package/dist/p6-governance.js +252 -0
  98. package/dist/pairing.d.ts +22 -0
  99. package/dist/pairing.js +81 -0
  100. package/dist/personalization.d.ts +35 -0
  101. package/dist/personalization.js +73 -0
  102. package/dist/pglite-hnsw-bridge.d.ts +118 -0
  103. package/dist/pglite-hnsw-bridge.js +311 -0
  104. package/dist/pglite-store.d.ts +59 -0
  105. package/dist/pglite-store.js +180 -0
  106. package/dist/playbook.d.ts +79 -0
  107. package/dist/playbook.js +83 -0
  108. package/dist/playbooks/dental-intake.d.ts +20 -0
  109. package/dist/playbooks/dental-intake.js +112 -0
  110. package/dist/predictive-agent.d.ts +157 -0
  111. package/dist/predictive-agent.js +535 -0
  112. package/dist/prompt-optimizer.d.ts +18 -0
  113. package/dist/prompt-optimizer.js +104 -0
  114. package/dist/rate-limiter.d.ts +25 -0
  115. package/dist/rate-limiter.js +75 -0
  116. package/dist/safety-anneal.d.ts +83 -0
  117. package/dist/safety-anneal.js +153 -0
  118. package/dist/sandbox-controller.d.ts +12 -0
  119. package/dist/sandbox-controller.js +95 -0
  120. package/dist/satisfaction-metrics.d.ts +26 -0
  121. package/dist/satisfaction-metrics.js +61 -0
  122. package/dist/sensor-bridge.d.ts +53 -0
  123. package/dist/sensor-bridge.js +133 -0
  124. package/dist/session-repair.d.ts +27 -0
  125. package/dist/session-repair.js +66 -0
  126. package/dist/slack-finance-intake.d.ts +42 -0
  127. package/dist/slack-finance-intake.js +122 -0
  128. package/dist/symbolic-dynamics.d.ts +113 -0
  129. package/dist/symbolic-dynamics.js +420 -0
  130. package/dist/telemetry.d.ts +19 -0
  131. package/dist/telemetry.js +68 -0
  132. package/dist/text-embedding.d.ts +6 -0
  133. package/dist/text-embedding.js +42 -0
  134. package/dist/tier-classifier.d.ts +20 -0
  135. package/dist/tier-classifier.js +58 -0
  136. package/dist/tier-guard.d.ts +36 -0
  137. package/dist/tier-guard.js +56 -0
  138. package/dist/tui.d.ts +9 -0
  139. package/dist/tui.js +214 -0
  140. package/dist/update-security.d.ts +31 -0
  141. package/dist/update-security.js +112 -0
  142. package/dist/v-calibration.d.ts +16 -0
  143. package/dist/v-calibration.js +42 -0
  144. package/dist/value-calibration.d.ts +41 -0
  145. package/dist/value-calibration.js +133 -0
  146. package/dist/value-head.d.ts +20 -0
  147. package/dist/value-head.js +91 -0
  148. package/dist/wal-buffer.d.ts +23 -0
  149. package/dist/wal-buffer.js +144 -0
  150. package/dist/wiki-synthesizer.d.ts +80 -0
  151. package/dist/wiki-synthesizer.js +0 -0
  152. package/dist/worker-agent.d.ts +10 -0
  153. package/dist/worker-agent.js +19 -0
  154. package/package.json +65 -0
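--- a/package/dist/governed-llm.js
+++ b/package/dist/governed-llm.js
@@ -0,0 +1,83 @@
+ "use strict";
+ // ============================================================================
+ // v2.5.2 — Governed LLM 실행 계층 (Tier 분류 → TierGuard → 로컬/외부 라우팅)
+ // ----------------------------------------------------------------------------
+ // 이 모듈이 *실제 에이전트 응답 경로의 강제 지점*이다. 들어온 발화를 규칙기반으로
+ // 분류하고(기본거부=Tier-0), TierGuard로 외부 송신을 통제하며, Tier-0는 로컬 백엔드로만
+ // 처리한다(로컬 미설정 시 외부로 보내지 않고 정직하게 보류).
+ //
+ // 정직 고지(제1계명): 백엔드는 주입형(테스트 가능). 실 LLM/로컬 호출은 키·ollama 가
+ // 있어야 성공(가짜 성공 없음). Tier-0 외부 송신 허용 건수는 항상 0이어야 한다.
+ // ============================================================================
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.GovernedAgent = exports.NO_BACKEND_NOTICE = exports.TIER1_NOTICE = exports.TIER0_NO_LOCAL_NOTICE = void 0;
+ exports.defaultGovernedBackends = defaultGovernedBackends;
+ const llm_1 = require("./llm");
+ const tier_classifier_1 = require("./tier-classifier");
+ const tier_guard_1 = require("./tier-guard");
+ exports.TIER0_NO_LOCAL_NOTICE = '[보안·Tier-0] 민감 데이터(개인정보/자격증명/센서·음성)는 외부 모델로 보내지 않습니다. 로컬 모델(OLLAMA_MODEL) 미설정으로 처리를 보류했습니다 — 로컬 모델을 설정하면 처리됩니다.';
+ exports.TIER1_NOTICE = '[Tier-1] 외부 모델 사용 동의가 없고 로컬 모델도 없어 처리를 보류했습니다. 동의(consent) 또는 로컬 모델을 설정하세요.';
+ exports.NO_BACKEND_NOTICE = '[알림] 사용 가능한 LLM 백엔드가 없습니다(외부 키·로컬 모델 모두 미설정).';
+ /**
+ * Tier 라우팅 강제 에이전트. respond()가 실 실행 경로의 단일 강제 지점.
+ */
+ class GovernedAgent {
+ backends;
+ guard;
+ /** 채널 정책상 기준 Tier — *미분류(DEFAULT-DENY)*에만 적용. 민감 매칭은 항상 Tier-0 유지. */
+ baselineTier;
+ constructor(backends, opts = {}) {
+ this.backends = backends;
+ this.guard = opts.guard ?? new tier_guard_1.TierGuard();
+ this.baselineTier = opts.baselineTier;
+ }
+ async respond(history, opts = {}) {
+ const last = [...history].reverse().find((t) => t.role === 'user')?.content ?? '';
+ const c = (0, tier_classifier_1.classifyTier)({ text: last });
+ // 민감(KIND/PII/SECRET) 매칭은 Tier-0 고정. 오직 '미분류(DEFAULT-DENY)'일 때만 기준 Tier 적용.
+ const baseline = opts.baselineTier ?? this.baselineTier;
+ const tier = (c.ruleId === 'DEFAULT-DENY' && baseline !== undefined) ? baseline : c.tier;
+ const ext = this.backends.externalName();
+ // ── Tier-0: 외부 금지, 로컬만 ──
+ if (tier === 0) {
+ if (this.backends.localConfigured()) {
+ this.guard.evaluate({ tier, provider: 'ollama-local' }); // allowed(local)
+ return { text: await this.backends.local(history, opts.system), tier, provider: 'local', blockedExternal: true, reason: 'Tier-0 → 로컬 강제' };
+ }
+ this.guard.evaluate({ tier, provider: ext }); // 외부 시도 → 차단 기록(0/N 보장)
+ return { text: exports.TIER0_NO_LOCAL_NOTICE, tier, provider: 'none', blockedExternal: true, reason: 'Tier-0·로컬 미설정 → 외부 차단·보류' };
+ }
+ // ── Tier-1: 로컬 우선, 외부는 동의 시 ──
+ if (tier === 1) {
+ const gate = this.guard.evaluate({ tier, provider: ext, userConsent: opts.consent });
+ if (gate.allowed && this.backends.externalAvailable()) {
+ return { text: await this.backends.external(history, opts.system), tier, provider: 'external', blockedExternal: false, reason: gate.reason };
+ }
+ if (this.backends.localConfigured()) {
+ return { text: await this.backends.local(history, opts.system), tier, provider: 'local', blockedExternal: !gate.allowed, reason: '로컬 우선/폴백' };
+ }
+ return { text: exports.TIER1_NOTICE, tier, provider: 'none', blockedExternal: !gate.allowed, reason: 'Tier-1 외부 동의 없음·로컬 없음' };
+ }
+ // ── Tier-2: 외부 허용(없으면 로컬) ──
+ const gate = this.guard.evaluate({ tier, provider: ext });
+ if (gate.allowed && this.backends.externalAvailable()) {
+ return { text: await this.backends.external(history, opts.system), tier, provider: 'external', blockedExternal: false, reason: gate.reason };
+ }
+ if (this.backends.localConfigured()) {
+ return { text: await this.backends.local(history, opts.system), tier, provider: 'local', blockedExternal: false, reason: '외부 불가 → 로컬 폴백' };
+ }
+ return { text: exports.NO_BACKEND_NOTICE, tier, provider: 'none', blockedExternal: false, reason: '백엔드 없음' };
+ }
+ guardRef() { return this.guard; }
+ }
+ exports.GovernedAgent = GovernedAgent;
+ /** llm.ts 기반 기본 백엔드 구성(외부=askAgentChat, 로컬=localChat). */
+ function defaultGovernedBackends(runShell) {
+ return {
+ external: (h) => (0, llm_1.askAgentChat)(h, runShell),
+ local: (h, s) => (0, llm_1.localChat)(h, s),
+ localConfigured: () => (0, llm_1.localLlmConfigured)(),
+ externalAvailable: () => (0, llm_1.externalProviderId)() !== null,
+ externalName: () => (0, llm_1.externalProviderId)() ?? 'external',
+ };
+ }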
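Review bot: In `respond`, the tier is derived only from the last user turn (`last`), yet the full `history` is what `backends.external(history, opts.system)` receives, so a sensitive earlier turn followed by an unmatched message under a Tier-2 baseline can be sent to the external provider along with it. Classify every user turn and let any non-`DEFAULT-DENY` match with the lowest tier decide, as sketched below; whether assistant turns and `opts.system` also need classifying depends on what callers put there. Separately, the Tier-0 local branch discards the result of `guard.evaluate`, and `defaultGovernedBackends` drops the system prompt on the external path (`external: (h) => …`) while the local path passes it; both look unintended.

```javascript
async respond(history, opts = {}) {
    const userTexts = history.filter((t) => t.role === 'user').map((t) => t.content ?? '');
    const verdicts = (userTexts.length > 0 ? userTexts : ['']).map((text) => (0, tier_classifier_1.classifyTier)({ text }));
    // A sensitive match anywhere in the conversation pins the tier; lower number = stricter.
    const matched = verdicts.filter((v) => v.ruleId !== 'DEFAULT-DENY');
    const c = matched.length > 0
        ? matched.reduce((a, b) => (b.tier < a.tier ? b : a))
        : verdicts[verdicts.length - 1];
    // … unchanged: baseline handling and Tier-0 / Tier-1 / Tier-2 routing …
```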
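--- a/package/dist/gpu-bridge.d.ts
+++ b/package/dist/gpu-bridge.d.ts
@@ -0,0 +1,16 @@
+ export declare class GpuDirectZeroCopyBridge {
+ private mapped;
+ private mappedOffset;
+ private mappedSize;
+ /** SAB의 특정 영역을 매핑(GPU 아님 — 호스트 공유메모리 영역 지정). */
+ mapGpuMemory(sharedBuffer: Uint8Array, offset: number, size: number): void;
+ /** 진짜 제로카피: 잠재 벡터를 매핑된 SAB 영역에 Float32 뷰로 직접 기록(복사 없음). */
+ syncLatentStateZeroCopy(sharedBuffer: Uint8Array, latentVector: number[]): void;
+ /** 매핑 영역에서 읽어와 기록이 실제로 반영됐는지 검증용. */
+ readBack(sharedBuffer: Uint8Array, length: number): number[];
+ /**
+ * 전통적 전송 베이스라인(실측 비교용): 직렬화→역직렬화→새 배열 복사.
+ * 가짜 지연(setTimeout) 없이 실제 작업만 수행한다 — 측정된 차이는 진짜다.
+ */
+ traditionalCopyTransfer(latentVector: number[]): number[];
+ }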
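--- a/package/dist/gpu-bridge.js
+++ b/package/dist/gpu-bridge.js
@@ -0,0 +1,53 @@
+ "use strict";
+ // ============================================================================
+ // SAB(SharedArrayBuffer) 제로카피 브리지
+ // ----------------------------------------------------------------------------
+ // 정직 고지(제1계명): 이 클래스는 **진짜 SharedArrayBuffer 제로카피 쓰기**를 한다(시뮬 아님).
+ // 그러나 **GPU/CUDA/PCIe/GPUDirect는 구현되어 있지 않다** — 그 명칭은 향후 GPU 통합을 위한
+ // 자리표시일 뿐, 현재는 호스트 메모리(SAB) 제로카피만 수행한다. 과거의 "0.05ms·100배" 류
+ // 미검증 수치와 가짜(setTimeout) 베이스라인은 제거했다. 비교는 실제 직렬화-복사로만 한다.
+ // (하위 호환을 위해 클래스명 GpuDirectZeroCopyBridge 는 유지한다.)
+ // ============================================================================
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.GpuDirectZeroCopyBridge = void 0;
+ class GpuDirectZeroCopyBridge {
+ mapped = false;
+ mappedOffset = 0;
+ mappedSize = 0;
+ /** SAB의 특정 영역을 매핑(GPU 아님 — 호스트 공유메모리 영역 지정). */
+ mapGpuMemory(sharedBuffer, offset, size) {
+ if (offset + size > sharedBuffer.byteLength) {
+ throw new Error('SAB mapping size exceeds shared buffer bounds');
+ }
+ this.mappedOffset = offset;
+ this.mappedSize = size;
+ this.mapped = true;
+ }
+ /** 진짜 제로카피: 잠재 벡터를 매핑된 SAB 영역에 Float32 뷰로 직접 기록(복사 없음). */
+ syncLatentStateZeroCopy(sharedBuffer, latentVector) {
+ if (!this.mapped)
+ throw new Error('SAB zero-copy bridge not mapped');
+ if (latentVector.length * 4 > this.mappedSize) {
+ throw new Error('Latent vector exceeds mapped SAB region size');
+ }
+ const floatView = new Float32Array(sharedBuffer.buffer, sharedBuffer.byteOffset + this.mappedOffset, latentVector.length);
+ floatView.set(latentVector); // 제로카피 직접 기록
+ }
+ /** 매핑 영역에서 읽어와 기록이 실제로 반영됐는지 검증용. */
+ readBack(sharedBuffer, length) {
+ if (!this.mapped)
+ throw new Error('SAB zero-copy bridge not mapped');
+ const floatView = new Float32Array(sharedBuffer.buffer, sharedBuffer.byteOffset + this.mappedOffset, length);
+ return Array.from(floatView);
+ }
+ /**
+ * 전통적 전송 베이스라인(실측 비교용): 직렬화→역직렬화→새 배열 복사.
+ * 가짜 지연(setTimeout) 없이 실제 작업만 수행한다 — 측정된 차이는 진짜다.
+ */
+ traditionalCopyTransfer(latentVector) {
+ const serialized = JSON.stringify({ latent: latentVector });
+ const parsed = JSON.parse(serialized);
+ return parsed.latent.slice(); // 복사본 반환
+ }
+ }
+ exports.GpuDirectZeroCopyBridge = GpuDirectZeroCopyBridge;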
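Review bot: `readBack` builds its `Float32Array` from a caller-supplied `length` without comparing it to `mappedSize`, so it can return floats from beyond the mapped region of the underlying buffer; `syncLatentStateZeroCopy` has this guard and `readBack` should mirror it with `if (length * 4 > this.mappedSize) throw new Error('Read length exceeds mapped SAB region size');`. The check in `mapGpuMemory` (`offset + size > sharedBuffer.byteLength`) also lets a negative or non-integer `offset` or `size` through, and the bounds are validated against the buffer passed at map time while the later calls accept any buffer. A precondition such as `if (!Number.isInteger(offset) || !Number.isInteger(size) || offset < 0 || size < 0) throw new RangeError('invalid SAB mapping');` plus storing the mapped buffer on the instance would close both gaps. An `offset` that is not a multiple of 4 currently surfaces only as a `RangeError` from the typed-array constructor, which is worth a line in the doc comment.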
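--- a/package/dist/health.d.ts
+++ b/package/dist/health.d.ts
@@ -0,0 +1,47 @@
+ import { TelemetrySource, Telemetry } from './telemetry';
+ import { GovernanceController } from './governance';
+ export type LogLevel = 'debug' | 'info' | 'warn' | 'error';
+ export interface LogEntry {
+ t: string;
+ level: LogLevel;
+ event: string;
+ fields?: Record<string, unknown>;
+ }
+ /** 구조적(JSON) 로거. 레벨 필터 + sink(콘솔/외부) + 선택적 캡처. */
+ export declare class StructuredLogger {
+ private opts;
+ private entries;
+ constructor(opts?: {
+ level?: LogLevel;
+ sink?: (e: LogEntry) => void;
+ capture?: boolean;
+ });
+ log(level: LogLevel, event: string, fields?: Record<string, unknown>): void;
+ debug(e: string, f?: Record<string, unknown>): void;
+ info(e: string, f?: Record<string, unknown>): void;
+ warn(e: string, f?: Record<string, unknown>): void;
+ error(e: string, f?: Record<string, unknown>): void;
+ getEntries(): LogEntry[];
+ }
+ export interface HealthThresholds {
+ maxMemPercent: number;
+ maxCpuPercent: number;
+ }
+ export declare const DEFAULT_HEALTH_THRESHOLDS: HealthThresholds;
+ export interface HealthStatus {
+ status: 'healthy' | 'degraded' | 'unhealthy';
+ checks: Record<string, {
+ ok: boolean;
+ detail: string;
+ }>;
+ telemetry: Telemetry;
+ t: string;
+ }
+ /** 텔레메트리 + 거버넌스를 종합해 건강 상태를 산출(실측 기반). */
+ export declare class HealthCheck {
+ private telemetry;
+ private gov?;
+ private thresholds;
+ constructor(telemetry: TelemetrySource, gov?: GovernanceController | undefined, thresholds?: HealthThresholds);
+ check(): HealthStatus;
+ }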
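--- a/package/dist/health.js
+++ b/package/dist/health.js
@@ -0,0 +1,66 @@
+ "use strict";
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.HealthCheck = exports.DEFAULT_HEALTH_THRESHOLDS = exports.StructuredLogger = void 0;
+ const LEVEL_ORDER = { debug: 0, info: 1, warn: 2, error: 3 };
+ /** 구조적(JSON) 로거. 레벨 필터 + sink(콘솔/외부) + 선택적 캡처. */
+ class StructuredLogger {
+ opts;
+ entries = [];
+ constructor(opts = {}) {
+ this.opts = opts;
+ }
+ log(level, event, fields) {
+ if (LEVEL_ORDER[level] < LEVEL_ORDER[this.opts.level ?? 'info'])
+ return;
+ const entry = { t: new Date().toISOString(), level, event, ...(fields ? { fields } : {}) };
+ if (this.opts.capture)
+ this.entries.push(entry);
+ if (this.opts.sink)
+ this.opts.sink(entry);
+ }
+ debug(e, f) { this.log('debug', e, f); }
+ info(e, f) { this.log('info', e, f); }
+ warn(e, f) { this.log('warn', e, f); }
+ error(e, f) { this.log('error', e, f); }
+ getEntries() { return this.entries; }
+ }
+ exports.StructuredLogger = StructuredLogger;
+ exports.DEFAULT_HEALTH_THRESHOLDS = { maxMemPercent: 90, maxCpuPercent: 95 };
+ /** 텔레메트리 + 거버넌스를 종합해 건강 상태를 산출(실측 기반). */
+ class HealthCheck {
+ telemetry;
+ gov;
+ thresholds;
+ constructor(telemetry, gov, thresholds = exports.DEFAULT_HEALTH_THRESHOLDS) {
+ this.telemetry = telemetry;
+ this.gov = gov;
+ this.thresholds = thresholds;
+ }
+ check() {
+ const tm = this.telemetry.sample();
+ const checks = {};
+ checks.memory = {
+ ok: tm.memPercent < this.thresholds.maxMemPercent,
+ detail: `${tm.memPercent}% (<${this.thresholds.maxMemPercent}%)`,
+ };
+ checks.cpu = {
+ ok: tm.cpuPercent < this.thresholds.maxCpuPercent,
+ detail: `${tm.cpuPercent}% (<${this.thresholds.maxCpuPercent}%)`,
+ };
+ let killed = false;
+ if (this.gov) {
+ const s = this.gov.status();
+ killed = s.killed;
+ checks.killswitch = { ok: !s.killed, detail: s.killed ? 'ACTIVE(중단)' : 'off' };
+ checks.budget = { ok: s.budgetRemaining > 0, detail: `남은 예산 ${s.budgetRemaining}` };
+ }
+ // 킬스위치 활성 = unhealthy(의도적 중단). 임계 초과 = degraded. 그 외 healthy.
+ let status = 'healthy';
+ if (killed)
+ status = 'unhealthy';
+ else if (Object.values(checks).some((c) => !c.ok))
+ status = 'degraded';
+ return { status, checks, telemetry: tm, t: new Date().toISOString() };
+ }
+ }
+ exports.HealthCheck = HealthCheck;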
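Review bot: With `capture` enabled, `StructuredLogger.log` pushes every entry into `entries` with no upper bound, and `getEntries()` returns that live array, so a long-running process grows memory indefinitely and any caller can rewrite or truncate the captured log. Returning a copy (`getEntries() { return [...this.entries]; }`) and dropping the oldest entry past a fixed cap would address both. `fields` is also forwarded to `sink` verbatim; if callers log request content, a redaction step before `this.opts.sink(entry)` is worth considering. In `HealthCheck.check`, an exception from `telemetry.sample()` or `gov.status()` propagates instead of producing an `unhealthy` result, and a short comment stating whether that is intended would help.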
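--- a/package/dist/identity-link.d.ts
+++ b/package/dist/identity-link.d.ts
@@ -0,0 +1,32 @@
+ /** (테넌트:채널:발신자) 정규화 세션 키 — 멀티테넌트 격리의 기본 단위. */
+ export declare function sessionKey(tenant: string, channel: string, sender: string): string;
+ export interface ChannelAccount {
+ channel: string;
+ sender: string;
+ }
+ /**
+ * 신원 링크 원장 — 한 사람(identityId)에 여러 (채널:발신자)를 페어링 코드로 잇는다.
+ */
+ export declare class IdentityLinker {
+ private readonly ttlMs;
+ /** (channel:sender) → identityId */
+ private linked;
+ /** code → pending */
+ private pending;
+ constructor(ttlMs?: number);
+ private acc;
+ /** 1차 채널에서 페어링 코드 발급(이 채널은 즉시 링크). */
+ issuePairingCode(identityId: string, primary: ChannelAccount, now?: number): string;
+ /** 2차 채널에서 코드 제출 → 검증 성공 시 동일 신원으로 링크(코드 1회 소모). */
+ redeemPairingCode(code: string, secondary: ChannelAccount, now?: number): {
+ ok: boolean;
+ identityId?: string;
+ reason?: string;
+ };
+ identityOf(a: ChannelAccount): string | null;
+ /** 도킹 허용 여부: 두 채널 계정이 *동일 검증 신원*에 링크돼 있어야 한다. */
+ canDock(from: ChannelAccount, to: ChannelAccount): {
+ allowed: boolean;
+ reason: string;
+ };
+ }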
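--- a/package/dist/identity-link.js
+++ b/package/dist/identity-link.js
@@ -0,0 +1,98 @@
+ "use strict";
+ // ============================================================================
+ // v2.5.2 Phase 1 — 교차 채널 신원 링크 + 테넌트 세션 키
+ // ----------------------------------------------------------------------------
+ // 계획서 v2.5.2 §8: 채널 ID ≠ 인증. 동일 사용자의 텔레그램·슬랙 계정을 *일회성 코드
+ // 페어링*으로 링크·검증한다. 링크된 신원만 채널 도킹을 허용(교차 채널 컨텍스트 이전).
+ // 또한 세션 키를 (테넌트:채널:발신자)로 강제해 멀티테넌트 격리를 보장한다.
+ //
+ // 정직 고지(제1계명): 페어링 코드는 만료·1회성. 미검증 신원의 도킹은 거부한다.
+ // ============================================================================
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+ if (k2 === undefined) k2 = k;
+ var desc = Object.getOwnPropertyDescriptor(m, k);
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+ desc = { enumerable: true, get: function() { return m[k]; } };
+ }
+ Object.defineProperty(o, k2, desc);
+ }) : (function(o, m, k, k2) {
+ if (k2 === undefined) k2 = k;
+ o[k2] = m[k];
+ }));
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
+ }) : function(o, v) {
+ o["default"] = v;
+ });
+ var __importStar = (this && this.__importStar) || (function () {
+ var ownKeys = function(o) {
+ ownKeys = Object.getOwnPropertyNames || function (o) {
+ var ar = [];
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+ return ar;
+ };
+ return ownKeys(o);
+ };
+ return function (mod) {
+ if (mod && mod.__esModule) return mod;
+ var result = {};
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+ __setModuleDefault(result, mod);
+ return result;
+ };
+ })();
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.IdentityLinker = void 0;
+ exports.sessionKey = sessionKey;
+ const crypto = __importStar(require("crypto"));
+ /** (테넌트:채널:발신자) 정규화 세션 키 — 멀티테넌트 격리의 기본 단위. */
+ function sessionKey(tenant, channel, sender) {
+ const norm = (s) => String(s).replace(/[^\w.-]/g, '_').slice(0, 64);
+ return `${norm(tenant)}:${norm(channel)}:${norm(sender)}`;
+ }
+ /**
+ * 신원 링크 원장 — 한 사람(identityId)에 여러 (채널:발신자)를 페어링 코드로 잇는다.
+ */
+ class IdentityLinker {
+ ttlMs;
+ /** (channel:sender) → identityId */
+ linked = new Map();
+ /** code → pending */
+ pending = new Map();
+ constructor(ttlMs = 5 * 60 * 1000) {
+ this.ttlMs = ttlMs;
+ }
+ acc(a) { return `${a.channel}:${a.sender}`; }
+ /** 1차 채널에서 페어링 코드 발급(이 채널은 즉시 링크). */
+ issuePairingCode(identityId, primary, now = Date.now()) {
+ this.linked.set(this.acc(primary), identityId);
+ const code = crypto.randomBytes(4).toString('hex').toUpperCase(); // 8자 1회성
+ this.pending.set(code, { identityId, code, expiresAt: now + this.ttlMs });
+ return code;
+ }
+ /** 2차 채널에서 코드 제출 → 검증 성공 시 동일 신원으로 링크(코드 1회 소모). */
+ redeemPairingCode(code, secondary, now = Date.now()) {
+ const p = this.pending.get(code);
+ if (!p)
+ return { ok: false, reason: '코드 없음/이미 사용됨' };
+ if (now > p.expiresAt) {
+ this.pending.delete(code);
+ return { ok: false, reason: '코드 만료' };
+ }
+ this.pending.delete(code); // 1회성 소모
+ this.linked.set(this.acc(secondary), p.identityId);
+ return { ok: true, identityId: p.identityId };
+ }
+ identityOf(a) { return this.linked.get(this.acc(a)) ?? null; }
+ /** 도킹 허용 여부: 두 채널 계정이 *동일 검증 신원*에 링크돼 있어야 한다. */
+ canDock(from, to) {
+ const a = this.identityOf(from);
+ const b = this.identityOf(to);
+ if (!a || !b)
+ return { allowed: false, reason: '미검증 신원(페어링 필요)' };
+ if (a !== b)
+ return { allowed: false, reason: '서로 다른 신원 — 교차 신원 도킹 차단' };
+ return { allowed: true, reason: 'ok' };
+ }
+ }
+ exports.IdentityLinker = IdentityLinker;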
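Review bot: `redeemPairingCode` places no limit on wrong codes, and the code comes from `crypto.randomBytes(4)` (32 bits); nothing in this class counts failed attempts per `secondary` account or per identity, so the only protection visible here is the five-minute TTL. Lengthen the code, e.g. `const code = crypto.randomBytes(8).toString('hex').toUpperCase();`, and refuse further redemptions from an account after a small number of misses; expired entries in `pending` are also removed only when someone presents them. `sessionKey` maps every character outside `[\w.-]` to `_` and truncates to 64 characters, so distinct tenants or senders can collapse to the same key, and `acc` joins `channel` and `sender` with a bare `:` that either part may contain; appending a short hash of the raw value in `norm` and encoding the two fields unambiguously in `acc` would keep both keys collision-free. `issuePairingCode` and a successful redeem each overwrite an existing link silently, which deserves at least a doc comment stating that the caller must already have authenticated `identityId`.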
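--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,184 @@
+ import { MctsEngine, pruneActions, EbpfMapScheduler } from '@n2world/core';
+ import { A2AContext, A2ATrustGate } from './agent-os-rd';
+ import { PgliteVectorStore, SearchHit } from './pglite-store';
+ import { KnowledgeGraph, ParseOptions } from './knowledge-graph';
+ export interface ISandbox {
+ runCommand(command: string): Promise<{
+ stdout: string;
+ stderr: string;
+ code: number;
+ }>;
+ writeFile(filePath: string, content: string): Promise<void>;
+ readFile(filePath: string): Promise<string>;
+ destroy(): Promise<void>;
+ }
+ export interface ApprovalRequest {
+ kind: 'command' | 'write';
+ detail: string;
+ }
+ export interface SecurityPolicy {
+ /** 무조건 차단되는 명령 패턴(파괴적). */
+ deniedCommandPatterns: string[];
+ /** 승인이 필요한 위험 명령 패턴(되돌릴 수 없음). 승인자 없으면 차단. */
+ riskyCommandPatterns: string[];
+ /** S1 프리뷰/승인 훅. 위험 명령 실행 전 호출. 미지정 시 위험 명령은 차단. */
+ approve?: (req: ApprovalRequest) => Promise<boolean>;
+ }
+ export declare const DEFAULT_SECURITY_POLICY: SecurityPolicy;
+ export declare class LocalSandbox implements ISandbox {
+ private policy;
+ private tempDir;
+ constructor(policy?: SecurityPolicy);
+ init(): Promise<void>;
+ /** 명령 보안 점검: 차단/위험(승인)/허용. */
+ private checkCommand;
+ /** 경로 탈출 차단: tempDir 밖으로 나가는 경로를 거부. */
+ private safePath;
+ runCommand(command: string): Promise<{
+ stdout: string;
+ stderr: string;
+ code: number;
+ }>;
+ writeFile(filePath: string, content: string): Promise<void>;
+ readFile(filePath: string): Promise<string>;
+ destroy(): Promise<void>;
+ }
+ export interface KvmStatus {
+ kvmPresent: boolean;
+ kvmWritable: boolean;
+ firecracker: boolean;
+ ready: boolean;
+ reason: string;
+ }
+ /** Firecracker microVM 부팅 가능성을 실제로 탐지한다(거짓 주장 금지). */
+ export declare function detectFirecracker(): KvmStatus;
+ /**
+ * Firecracker microVM 샌드박스(ISandbox). 부팅 전제(KVM 접근·firecracker·커널/rootfs 이미지)가
+ * 갖춰져야 한다. 미충족 시 init()이 명확한 사유로 throw → createSandbox()가 폴백을 선택한다.
+ * (거짓 부팅을 흉내내지 않는다.)
+ */
+ export declare class FirecrackerSandbox implements ISandbox {
+ private kernelImage?;
+ private rootfsImage?;
+ private status;
+ constructor(kernelImage?: string | undefined, rootfsImage?: string | undefined);
+ init(): Promise<void>;
+ runCommand(): Promise<{
+ stdout: string;
+ stderr: string;
+ code: number;
+ }>;
+ writeFile(): Promise<void>;
+ readFile(): Promise<string>;
+ destroy(): Promise<void>;
+ }
+ /**
+ * P4 폴백 팩토리: microVM 부팅 가능하면 Firecracker, 아니면 LocalSandbox(유저스페이스 격리).
+ * "거짓 폴백 금지" — 실제로 동작하는 샌드박스를 반환한다.
+ */
+ export declare function createSandbox(opts?: {
+ kernelImage?: string;
+ rootfsImage?: string;
+ }): Promise<{
+ sandbox: ISandbox;
+ backend: 'firecracker' | 'local';
+ reason: string;
+ }>;
+ export declare function greetCore(name: string): string;
+ export interface SymbolicMetaTuple {
+ targetFilePath: string;
+ astErrorCode: number;
+ projectDependencyMap: Record<string, string>;
+ }
+ export declare function writeMetaTuple(buffer: Uint8Array, tuple: SymbolicMetaTuple): void;
+ export declare function getMetaTuple(buffer: Uint8Array): SymbolicMetaTuple;
+ export interface Skill {
+ filePath: string;
+ content: string;
+ embedding: number[];
+ }
+ export declare class SkillManager {
+ private skills;
+ private skillsDir;
+ private hnsw;
+ private vectorStore?;
+ constructor(skillsDir: string);
+ /**
+ * P1: PGLite 영속 벡터 저장을 부착한다(선택). 부착하면 createSkill/loadSkills 시
+ * 임베딩이 영속화되고 `searchPersistent`/`persistedStaleWindowMs` 를 쓸 수 있다.
+ * 부착하지 않으면 기존 인메모리 HNSW 경로만 사용한다(공개 API 불변).
+ */
+ attachVectorStore(store: PgliteVectorStore): void;
+ init(): Promise<void>;
+ private loadSkills;
+ createSkill(fileName: string, content: string): Promise<void>;
+ /**
+ * P1: 영속 저장(PGLite) 경로의 코사인 검색. vectorStore 부착 시에만 동작.
+ * 기존 routeSkill(SAB+HNSW)과 별개의 추가 경로다(하위 호환 — 기존 경로 불변).
+ */
+ searchPersistent(query: string, k?: number): Promise<SearchHit[]>;
+ /** P1: 영속 저장의 경계-staleness 측정값(ms). 미부착 시 null. */
+ persistedStaleWindowMs(): number | null;
+ /**
+ * P2: 적재된 스킬(.md) 항목 간 자가연결 지식 그래프를 만든다(참조·의존·유사).
+ * 라우팅/검색을 보조하는 추가 경로 — 기존 공개 API 불변(하위 호환).
+ * 항목 id 는 파일 basename 을 쓴다.
+ */
+ buildKnowledgeGraph(opts?: ParseOptions): KnowledgeGraph;
+ /**
+ * 7-2: 외부(제3자) 스킬 수용은 반드시 A2A 신뢰 게이트를 통과해야 한다.
+ * 서명+Macaroon 범위(HARD_GATE)와 평판으로 t를 산출하고, 통과한 스킬만 라우팅/색인한다.
+ * 가치 v가 아니라 신뢰 t로 게이팅한다(고가치·저신뢰 스킬은 차단).
+ */
+ ingestExternalSkill(peerId: string, fileName: string, content: string, macaroonToken: string, ctx: A2AContext, gate: A2ATrustGate): Promise<{
+ accepted: boolean;
+ reason: string;
+ trust: number;
+ }>;
+ skillCount(): number;
+ private generateMockEmbedding;
+ routeSkill(query: string, sharedBuffer: Uint8Array): Promise<string[]>;
+ }
+ export { MctsEngine, pruneActions, EbpfMapScheduler };
+ export * from './sandbox-controller';
+ export * from './worker-agent';
+ export * from './gateway';
+ export * from './wal-buffer';
+ export * from './oracle';
+ export * from './prompt-optimizer';
+ export * from './agent-os-rd';
+ export * from './gpu-bridge';
+ export * from './dashboard-server';
+ export * from './value-calibration';
+ export * from './oracle-anchored-search';
+ export * from './predictive-agent';
+ export * from './value-head';
+ export * from './telemetry';
+ export * from './governance';
+ export * from './cost-estimator';
+ export * from './satisfaction-metrics';
+ export * from './governed-executor';
+ export * from './rate-limiter';
+ export * from './health';
+ export * from './text-embedding';
+ export * from './personalization';
+ export * from './beta';
+ export * from './multi-axis-lift';
+ export * from './pglite-store';
+ export * from './pglite-hnsw-bridge';
+ export * from './knowledge-graph';
+ export * from './wiki-synthesizer';
+ export * from './safety-anneal';
+ export * from './mcts-prior';
+ export * from './mcts-kernel-bridge';
+ export * from './commit-gate';
+ export * from './mcp-macaroon';
+ export * from './p6-governance';
+ export * from './beta-runner';
+ export { askAgent, askAgentChat, llmComplete, llmCompleteUsage, activeLlmInfo } from './llm';
+ export { ChatStore, DEFAULT_CHAT_HISTORY_PATH } from './chat-store';
+ export * from './channels';
+ export * from './channel-gateway';
+ export * from './conversation-graph';
+ export * from './browser-agent';
+ export * as kakaoOAuth from './kakao-oauth';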
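Review bot: The doc comment on `createSandbox` does not say what isolation the `local` backend provides, and `SecurityPolicy` describes command control purely as string patterns (`deniedCommandPatterns`, `riskyCommandPatterns`), which is easy to misread as equivalent to the microVM path. I would extend the comment with something like `/** Callers that require VM-level isolation must check backend === 'firecracker' and refuse to run otherwise; 'local' relies on pattern filtering and path checks only. */`, to be confirmed against the implementation, which is not part of this declaration file. `FirecrackerSandbox.runCommand()`, `writeFile()` and `readFile()` are declared without parameters although `ISandbox` passes them arguments, which suggests they ignore their input; a one-line comment on the class stating what these methods actually do would avoid surprises.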